XP registry values to tune EFS caching


Microsoft Windows XP provides the flexibility to adjust the cache-validation
time. The kernel will not validate the user credentials during this cache
period. This has the net effect of faster access to encrypted files that may be
opened several times during a given time period. The number of seconds the
kernel will cache the session key for a user for a given file.

Cached session keys are stored in nonpaged pool memory. Increasing the value
of EFSKCACHEPERIOD will result in higher usage of nonpaged pool memory. This
increased nonpaged pool usage might cause problems for some machines, especially
machines that are trusted for delegation for remote encryption.

Hive: HKEY_LOCAL_MACHINE

Key: System\CurrentControlSet\Services\NTFS\EFS\Parameters

Name: EFSKCACHEPERIOD

Type: REG_DWORD
Value: 5
secs default value; 2 sec min, 20 sec max

Adjusting the user mode cache validation time upwards will improve the
performance of systems that use EFS operations frequently. When EFS operations
are in use, processing time is needed for the system to obtain and validate the
certificates and keys. This will significantly slow system performance if the
user mode cache validation time is set too low. The higher the user mode cache
validation setting, the less often the system validates; the lower the setting,
the more often the system validates. If EFS security is a priority in your
system, then you will want appropriate EFS credentials to be validated more
frequently. For maximum security, the lowest setting will provide the most
frequent validation.

Hive: HKEY_LOCAL_MACHINE

Key: Software\Microsoft\Windows
NT\CurrentVersion\EFS

Name: KeyCacheValidationPeriod
Type: REG_DWORD
Value: 3600
secs default value; 60 min, 86400 (1 day) max ‘

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top